Collaborator

@tmikula-dev tmikula-dev commented Jan 20, 2026

Overview

Adds detailed agent role definitions for DevOps Engineer, Reviewer, SDET, Senior Developer, and Specification Master in the .github/agents/ directory. Introduces a copilot-instructions.md file so that Copilot instructions are set for the project.

Release Notes

  • Copilot configuration
  • Agents project specific configuration

Related

Closes #107

Summary by CodeRabbit

  • Documentation

    • Added comprehensive project guidelines, architecture overview, and contributor instructions.
    • Introduced formal role specifications (DevOps, Reviewer, SDET, Senior Developer, Specification Master) defining responsibilities and acceptance criteria.
  • Chores

    • Added a local quality-gate script to validate formatting, linting, typing, and test coverage before submission.
    • Simplified CI workflow and added a placeholder security scan result file to support automated scan uploads.


@tmikula-dev tmikula-dev self-assigned this Jan 20, 2026
@tmikula-dev tmikula-dev added the enhancement New feature or request label Jan 20, 2026
@github-actions

AquaSec has completed a full security repository scan ✅ You can find the analysis results for this PR branch on this overview.
Below is the summary of the findings:

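| AQUASEC | CRITICAL | HIGH | MEDIUM | LOW | TOTAL |
|---|---|---|---|---|---|
| sast | 0 | 4 | 2 | 0 | 6 |
| vulnerabilities | 0 | 0 | 0 | 0 | 0 |
| iacMisconfigurations | 1 | 2 | 2 | 10 | 15 |
| secrets | 0 | 0 | 0 | 0 | 0 |
| pipelineMisconfigurations | 0 | 0 | 0 | 16 | 16 |
| license | 0 | 0 | 0 | 0 | 0 |
| ➡️ Total | 1 | 6 | 4 | 26 | 37 |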

coderabbitai bot commented Jan 20, 2026

Walkthrough

Adds five AI agent role specification files and a copilot instructions guide; adds a local CI quality-gates script; simplifies the AquaSec GitHub Actions workflow to a SARIF existence check and upload; and introduces a test SARIF file (test_aquasec_scan.sarif).

Changes

| Cohort / File(s) | Summary |
|---|---|
| Agent Role Documentation: `.github/agents/*` (`.github/agents/devops-engineer.agent.md`, `.github/agents/reviewer.agent.md`, `.github/agents/sdet.agent.md`, `.github/agents/senior-developer.agent.md`, `.github/agents/specification-master.agent.md`) | Adds five agent spec files defining missions, inputs/outputs, responsibilities, quality gates, collaboration guidance, and Definitions of Done for project roles. |
| Project Copilot Configuration: `.github/copilot-instructions.md` | Adds repository-level Copilot instructions covering architecture, file layout, handlers/writers patterns, testing approach, and quality gate expectations. |
| Local CI Script: `ci_local.sh` | Adds a standalone shell script implementing local CI quality gates: Black check, Pylint (min 9.5), Mypy on src/, and Pytest with ≥80% coverage; exits on failure. |
| AquaSec Workflow Simplification: `.github/workflows/aquasec_repo_scan.yml` | Replaces complex AquaSec retrieval and processing flow with a minimal check for test_aquasec_scan.sarif existence and uploads that SARIF; removes authentication, API calls, and SARIF post-processing. |
| Test SARIF Artifact: `test_aquasec_scan.sarif` | Adds a SARIF 2.1.0 file (AquaSec driver metadata) with empty rules/results, used by the simplified workflow. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

  • lsulak
  • petr-pokorny-absa

Poem

🐰 I hopped in with specs and a script in my paw,

Routes, tests, and copilot rules all in awe.
A tiny SARIF file to light up the scan,
Quality gates clack like a well-practiced plan,
Hooray — the warren's improved, let's code on, hurrah! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Out of Scope Changes check | ⚠️ Warning | The pull request includes out-of-scope changes to the AquaSec workflow (aquasec_repo_scan.yml) and test_aquasec_scan.sarif file that are not related to Copilot or agent configuration objectives. | Remove aquasec_repo_scan.yml and test_aquasec_scan.sarif changes; they should be submitted in a separate pull request focused on security scanning updates. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly describes the main change: adding Copilot and agent configuration files to the project. |
| Description check | ✅ Passed | The description covers all required template sections with meaningful content about agent definitions, Copilot configuration, and linked issue reference. |
| Linked Issues check | ✅ Passed | The pull request fulfills all acceptance criteria from issue #107: includes copilot-instructions.md in .github folder and adds AI agent role definitions. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@ci_local.sh`:
- Around line 9-16: The shell invocation currently expands unquoted $(git
ls-files '*.py') which breaks on filenames with whitespace; change the two calls
that pass $(git ls-files '*.py') to Black and Pylint to use NUL-delimited file
lists instead (e.g. use git ls-files -z '*.py' | xargs -0 black --check or git
ls-files -z '*.py' | xargs -0 pylint --fail-under=9.5) or capture into a
NUL-aware array (mapfile -d '' FILES < <(git ls-files -z '*.py') && black
--check "${FILES[@]}"); update the occurrences referencing black and pylint so
filenames are handled safely.
🧹 Nitpick comments (1)
.github/agents/reviewer.agent.md (1)

21-21: Consider the maintenance implications of hardcoded implementation details.

The reference to ROUTE_HANDLERS in event_gate_lambda.py provides clear guidance but will require updates if the implementation pattern changes. Consider adding a note that this specification should be reviewed when architectural changes occur.
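
The word-splitting problem flagged for `ci_local.sh` and the NUL-delimited fix, side by side. This is an added example, not code from the PR or from `ci_local.sh`; `args_unquoted`, `args_nul` and `lint_tracked_py` are hypothetical names and the file names are constructed.

```shell
#!/bin/bash
# Added example, not the project's ci_local.sh. Function names are hypothetical.
# Each args_* helper reads a file list on stdin and reports how many separate
# path arguments a linter (black, pylint) would receive from it.

# Pattern flagged in the review: tool $(git ls-files '*.py')
# The command substitution is word-split on spaces, tabs and newlines.
args_unquoted() {
    # shellcheck disable=SC2046  # deliberate: this is the behaviour being shown
    set -- $(cat)
    echo "$#"
}

# Suggested pattern: git ls-files -z '*.py' | xargs -0 tool
# Records end at NUL, the one byte that cannot occur in a path.
args_nul() {
    xargs -0 sh -c 'echo "$#"' sh
}

# Wrapper for the real gate, e.g.:
#   lint_tracked_py black --check
#   lint_tracked_py pylint --fail-under=9.5
lint_tracked_py() {
    git ls-files -z '*.py' | xargs -0 "$@"
}

# Constructed file names: two tracked files, one containing a space.
printf 'unquoted: %s args\n' "$(printf '%s\n' 'app.py' 'my module.py' | args_unquoted)"
printf 'nul:      %s args\n' "$(printf '%s\0' 'app.py' 'my module.py' | args_nul)"
```

`xargs` exits non-zero when the linter does, so the gate still fails the script. On a very large file list `xargs` may run the tool more than once, in which case `--fail-under` is evaluated per batch.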

Contributor

@miroslavpojer miroslavpojer left a comment

I am missing the Copilot rules file for the reviewer. He is very helpful.
I have checked the usage of rulesets.

  • I see there is some unsupported setup.
  • When signed commits are enabled, Copilot refuses to work.
  • It can be fixed by bypassing Copilot for PRs only.

Could you introduce rulesets, add bypass and update the related handbook pages with this technical tip?

- Handlers: `HandlerApi`, `HandlerToken`, `HandlerTopic`, `HandlerHealth` in `src/handlers/`
- Writers: `WriterEventBridge`, `WriterKafka`, `WriterPostgres` in `src/writers/` (inherit from `Writer` base class)
- Config: `conf/config.json`, `conf/access.json`, `conf/topic_schemas/*.json`
- Routes defined in `ROUTE_HANDLERS` dict in `event_gate_lambda.py`
Collaborator

maybe

- Terraform scripts are not part of this repository

- Routes defined in `ROUTE_HANDLERS` dict in `event_gate_lambda.py`

Coding guidelines
- Keep changes small and focused
Collaborator

I'd add

- Preserve existing formatting and conventions.

@@ -0,0 +1,29 @@
#!/bin/bash
Collaborator

Would be nice to add also a lint prompt to use this script.

Something like .github/prompts/lint.prompt.md with this content:

---
mode: agent
description: Lint code in the project using Pylint, Black, and mypy tools
---

Your task is to lint the code in the project using Pylint, Black, and mypy tools. Follow the instructions below to perform the linting process.

## Instructions

- run ci_local.sh - The command is going to take a while to finish, make sure you give it enough time to complete before looking for results.
- Analyze the output from each tool and identify any issues or areas for improvement in the code.
- Provide a summary of the linting results, including any errors or warnings found by each tool

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In @.github/workflows/aquasec_repo_scan.yml:
- Around line 28-38: The workflow currently only verifies a static file
("test_aquasec_scan.sarif") and uploads it (steps "Verify SARIF file exists" and
"Upload Scan Results to GitHub Security"), so restore the real AquaSec scanning
steps or make the purpose explicit: either (A) replace the check-and-upload of
test_aquasec_scan.sarif with the original authentication, API call, scanner
invocation, SARIF conversion, and output path used by the "AquaSec Full
Repository Scan" job so actual scanning runs and generates a real SARIF file
before upload, or (B) if this is intended as a test, rename the workflow and job
and add a conditional (e.g., only: branches: [ci-test] or an env flag) and
documentation to clearly mark it as a mock; locate the steps by the step names
"Verify SARIF file exists" and "Upload Scan Results to GitHub Security" and the
test artifact name test_aquasec_scan.sarif to make the necessary edits.
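
One way to keep a committed placeholder from reaching the upload step is a provenance guard run just before it. This is an added example, not code from the PR; `sarif_guard` and the job-start marker file are hypothetical, and it assumes the job creates the marker after checkout and before the scanner runs.

```shell
#!/bin/bash
# Added example, not from the PR. sarif_guard and the job-start marker file
# are hypothetical; run the guard immediately before the SARIF upload step.

# Usage: sarif_guard SARIF_FILE JOB_START_MARKER
# Returns 0 only when the file can be the output of this job's scan.
sarif_guard() {
    sarif=$1
    marker=$2
    [ -s "$sarif" ] || { echo "missing or empty: $sarif" >&2; return 1; }
    # A report committed to the repository was not produced by this run.
    if command -v git >/dev/null 2>&1 &&
        git -C "$(dirname "$sarif")" ls-files --error-unmatch -- \
            "$(basename "$sarif")" >/dev/null 2>&1; then
        echo "tracked in git, not scan output: $sarif" >&2
        return 2
    fi
    # The scanner must have written the report after the job started.
    [ "$sarif" -nt "$marker" ] || { echo "predates job start: $sarif" >&2; return 3; }
    return 0
}

# Constructed demo: a placeholder written before the job started and a
# report written afterwards. File contents are minimal stand-ins.
demo=$(mktemp -d)
touch -t 200001020000 "$demo/job_start"
echo '{"version":"2.1.0","runs":[]}' > "$demo/placeholder.sarif"
touch -t 200001010000 "$demo/placeholder.sarif"
echo '{"version":"2.1.0","runs":[]}' > "$demo/scan.sarif"

for f in placeholder.sarif scan.sarif; do
    if sarif_guard "$demo/$f" "$demo/job_start" 2>/dev/null; then
        echo "$f: upload"
    else
        echo "$f: rejected"
    fi
done
```

The guard checks where the report came from, not how many findings it holds, so a genuinely clean scan with empty results still passes.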

This reverts commit 4b5662b.